sshdfilter - SSH brute force attack blocker

Distribution: OpenMandriva Lx 3.0
Repository: OpenMandriva Contrib i586
Package name: sshdfilter
Package version: 1.5.6
Package release: 1-omv2013.0
Package architecture: noarch
Package type: rpm
Installed size: 82.97 KB
Download size: 35.61 KB
sshdfilter blocks the frequent brute force attacks on ssh daemons. It does this by directly reading the sshd logging output and generating iptables rules; the process can be quick enough to block an attacker before they get a chance to enter any password at all.

sshdfilter starts sshd itself, with the -e and -D options, so it can see events as they happen. sshdfilter then looks for lines of the form:

    Did not receive identification string from x.x.x.x
    Illegal user x from x.x.x.x
    Failed password for illegal user x from x.x.x.x port x ssh2
    Failed password for x from x.x.x.x port x ssh2

The first three instantly trigger sshdfilter into creating iptables rules which block all ssh access from that IP. The last failure is given a few chances before it too is blocked. These are in fact example rules: the exact wording varies between Linux distributions, so sshdfilter exists as a base program plus groups of patterns for each distribution.

All new rules are inserted into a custom chain, and to prevent the chain from becoming overloaded with old rules, rules over a week old are deleted.



  • config(sshdfilter) == 0:1.5.6-1:2013.0
  • sshdfilter == 0:1.5.6-1:2013.0


    Install Howto

    1. Enable the OpenMandriva Contrib repository in "Install and Remove Software"
    2. Update packages list:
      # urpmi.update -a
    3. Install sshdfilter rpm package:
      # urpmi sshdfilter


    • /etc/sshdfilterrc
    • /etc/sysconfig/sshdfilter
    • /usr/sbin/sshdfilter
    • /usr/share/doc/sshdfilter/INSTALL
    • /usr/share/doc/sshdfilter/todo
    • /usr/share/man/man1/sshdfilter.1.xz
    • /usr/share/man/man5/sshdfilterrc.5.xz


    2011-03-16 - Stéphane Téletchéa <> 0:1.5.6-1mdv2011.0
    + Revision: 645430
    - update to new version 1.5.6